What is the difference between a "safe system" and a "safety system"?

The distinction between the terms was originally coined by a prominent engine manufacturer in Bavaria. Especially in the context of vehicle safety and automated driving, we find it very helpful for differentiating the various sub-systems of a vehicle. That is why we explain it here again:

  • In a "safe system", there are no negative, harmful effects in any situation of the intended operation.
  • A "safety system" is used precisely when situations with potentially negative effects and possible damage/injuries occur in the operation of a system. The safety system then ensures that the damage/injury is still avoided or that the negative effects are minimized.

For example, take an automated/autonomous vehicle: while driving, the current environment and assumptions about the behavior of other road users feed a control algorithm that calculates the upcoming driving maneuver. Normally this results in a safe, collision-free trajectory that balances various control targets such as efficiency, safety, comfort, etc. (the "safe system"). If, however, assumptions or the underlying information/measurements were incorrect, or if the Operational Design Domain (ODD) of components is exceeded, this can lead to situations with an increased collision risk. Then a "safety system" such as an autonomous emergency brake comes into operation to avoid, or at least mitigate, the collision and the resulting damage/injury. In the process, the previous control targets (efficiency, comfort, etc.) are dropped entirely and everything is subordinated to the goal of avoiding or reducing injury/damage.
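The layered split described above, written out as a small Python model. This is an added illustration, not code from the original page or from any vehicle manufacturer: a nominal planner (the "safe system") trades off efficiency, headway and comfort, while an independent safety monitor (the "safety system") ignores those targets and overrides the planner whenever the assumed ODD is violated or a collision is imminent. The ODD limits, the time-to-collision threshold, the vehicle parameters and the three sample observations are all constructed assumptions.

```python
"""Added example (not from the original page): a minimal layered
controller separating a nominal "safe system" planner from an
independent "safety system" monitor. All thresholds, parameters and
sensor samples below are constructed assumptions for illustration."""

from dataclasses import dataclass

# Operational Design Domain limits assumed for the nominal planner (constructed).
ODD_MAX_SPEED_MPS = 30.0          # planner only validated up to ~108 km/h
ODD_MIN_SENSOR_CONFIDENCE = 0.6   # below this the perception output is untrusted

# Safety-system trigger (constructed): intervene when time-to-collision is short.
AEB_TTC_THRESHOLD_S = 1.5
AEB_DECEL_MPS2 = -8.0             # full emergency braking, comfort ignored


@dataclass
class Observation:
    ego_speed_mps: float
    gap_m: float                  # distance to the lead vehicle
    lead_speed_mps: float
    sensor_confidence: float      # 0..1, perception self-assessment


def in_odd(obs: Observation) -> bool:
    """Check that the situation lies inside the planner's assumed ODD."""
    return (obs.ego_speed_mps <= ODD_MAX_SPEED_MPS
            and obs.sensor_confidence >= ODD_MIN_SENSOR_CONFIDENCE)


def nominal_planner(obs: Observation, desired_speed_mps: float) -> float:
    """'Safe system': balance efficiency (reach the desired speed), safety
    (keep a 2 s headway) and comfort (limit |accel| to 2 m/s^2).
    Returns a commanded acceleration in m/s^2."""
    headway_target_m = 2.0 * obs.ego_speed_mps
    # Simple proportional terms on speed error and gap error.
    speed_term = 0.5 * (desired_speed_mps - obs.ego_speed_mps)
    gap_term = 0.3 * (obs.gap_m - headway_target_m)
    accel = min(speed_term, gap_term)   # most conservative of the two goals
    return max(-2.0, min(2.0, accel))   # comfort limit


def time_to_collision(obs: Observation) -> float:
    """Seconds until the gap closes at the current closing speed (inf if opening)."""
    closing = obs.ego_speed_mps - obs.lead_speed_mps
    if closing <= 0:
        return float("inf")
    return obs.gap_m / closing


def safety_monitor(obs: Observation) -> bool:
    """'Safety system' trigger, independent of the planner's objectives.
    Fires when the ODD is violated or when a collision is imminent."""
    return (not in_odd(obs)) or time_to_collision(obs) < AEB_TTC_THRESHOLD_S


def controller(obs: Observation, desired_speed_mps: float) -> tuple[str, float]:
    """Arbitrate: the safety system overrides the nominal planner entirely."""
    if safety_monitor(obs):
        return ("AEB", AEB_DECEL_MPS2)  # efficiency/comfort targets dropped
    return ("PLANNER", nominal_planner(obs, desired_speed_mps))


# Constructed sample observations (not measured data).
NOMINAL = Observation(ego_speed_mps=20.0, gap_m=60.0, lead_speed_mps=20.0, sensor_confidence=0.9)
CUT_IN = Observation(ego_speed_mps=20.0, gap_m=10.0, lead_speed_mps=5.0, sensor_confidence=0.9)
OUT_OF_ODD = Observation(ego_speed_mps=20.0, gap_m=60.0, lead_speed_mps=20.0, sensor_confidence=0.3)

if __name__ == "__main__":
    for name, obs in [("nominal", NOMINAL), ("cut-in", CUT_IN), ("low confidence", OUT_OF_ODD)]:
        mode, accel = controller(obs, desired_speed_mps=25.0)
        print(f"{name:15s} -> {mode:8s} accel={accel:+.2f} m/s^2")
```

The design point is that `safety_monitor` shares no objective terms with `nominal_planner`: it only evaluates the ODD assumptions and a physical collision criterion, so a planner that has silently left its validated domain (here, low perception confidence) is overridden even though its own output would look perfectly reasonable.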

In summary, "safe systems" do not lead to any dangerous situations in operation. If one does so anyway, a suitable "safety system" intervenes to avoid or minimize the expected injury/damage.

Last update on 2025-12-26 by Andreas Kuhn.
